Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
529 lines (447 sloc) 22.3 KB
$Id: HISTORY,v 1.24 2007/12/31 21:02:56 nickm Exp $
NEW IN VERSION 0.0.8alpha4:
- Avoid crashes on servers when name resolution fails for our own name
(Patch from Tobias).
- Avoid crashes on servers when directory download fails (Patch from
- Fix support for -n option to flushqueue command (Patch from Tobias).
- Fix SQL syntax error spotted by Uwe Danz.
NEW IN VERSION 0.0.8alpha3:
- Create .mixminion directory even when we try to lock before accessing
it: This prevents "update-servers" from crashing when run without
a .mixminion directory.
- Don't die when gzip compression on a downloaded directory is corrupt.
- Don't die when an incoming connection closes before we can get its
- Do not believe any path specifier that results in an impossibly short
- Bump preferred openssl version to 0.9.8e.
NEW IN VERSION 0.0.8alpha2:
- License changed from LGPL to the so-called "MIT" license. This has
been planned for ages; see
- Numerous bugfixes:
- Implement DESTDIR correctly.
- Do not crash when run with python 2.4
- Bump preferred openssl version to 0.9.8a
- Work when umask setting is bizarre (0077, 0000, etc.)
- Make -P and mbox work correctly together.
- Catch over-long paths.
- Tolerate missing /dev/null
- Solve crash on mixminion clean-queue
- Do not exit on a spurious protocol string from another MMTP host.
- Do not use stdio to read /dev/urandom: This wastes entropy.
- Security improvements
- Regenerate SSL certificates more frequently.
- Servers schedule and retry delivery on a per-address basis, not a
per-message basis.
- Drop support for pre-0.0.6 servers: Servers are now located by
- Add a "count-packets" command to tell how many packets will be needed
to send a message. Some integrators need this.
- Add a "SendmailCommand" option for invoking an external program to send
email rather than simply connecting to an SMTP server.
- Write much of ClientAPI, so Mixminion is easier to embed -- having this
in a real release should make the Nymbaron team happy.
- Experimental pinger code, using pysqlite as a data store and
implementing the "Echolot" remailer reliability algorithm.
More work is needed.
- Partially implemented code for distributed coordinated voting directory
servers. Client side and data formats are done; glue remains.
- Recommended versions are no longer hard-coded.
- Refactor how we learn about servers and generate paths.
- Split out option-parsing logic to make option lists more consistent.
- Suppress prompt when reading messages from non-TTY fds.
- Implement --status-fd option to dump info to would-be integrators.
- Better errors on expired certs
NEW IN VERSION 0.0.8alpha1:
- Make it work with Python 2.4, and more versions of zlib.
- Install man pages in PREFIX/share/man, not PREFIX/man.
- If the server crashed while changing a packet's metadata, it would often
crash upon restart. Now it doesn't.
- Don't crash when trying to route from a pre-0.0.6 server to a server
with no IP.
- Don't crash when we fail to download a directory.
- New version number; nothing else has changed since 0.0.7rc2.
NEW IN VERSION 0.0.7rc2:
- Provide more helpful error messages when directory download fails.
- Fix a possible crash during message delivery
- Fix a race condition with multiple simultaneous processes.
- Don't create empty output files when there is no data to write.
- Many bugfixes for client-side message reassembly.
- All options that asked for a number of hops are now deprecated (with
warnings) or disabled (with errors); use -P instead.
- Server bandwith spikiness is now configurable.
- ConnectionTimout has been renamed (more accurately) to Timeout.
- The -i and -o flags are now optional whereever possible, and
default to stdin and stdout.
- Mixminion now ships with man pages for mixminion(1), mixminiond(8),
mixminionrc(5), and mixminiond.conf(5).
NEW IN VERSION 0.0.7rc1:
- Ability to delete or transmit queued messages to selected mixes,
instead of all mixes.
- Configuration options to block servers from path generation.
- New "mixminiond FOO" script as alternate starting point for
"mixminion server-FOO" functions.
- CLI interface for client-side fragment reassembly.
- Command shell (on Windows) supports filenames with spaces much
- Allow servers to download and use directories (necessary for
dummy/pinging work in future versions.)
- Display server nicknames in log instead of just IP addresses.
- Servers check recommended-version, complain when server is obsolete.
- Put timezones in log.
- Refactor RFC822 header generation logic (original patch from
- Rewrite MMTP logic to implement protocol correctly and transfer
packets more quickly, without waiting for round-trip acknowledgments
after each before sending the next.
- Unify client and server MMTP sending implementations.
- Use IP TOS flags where available to request optimization for
- Configurable limits for bandwidth.
- Configurable limits on number of outgoing network connections.
- New --reply-block-fd option to read reply-blocks from a file
- New --passphrase-fd option to read passphrase from a file
- The --quiet option works for clients as well as servers.
- "mixminion ping" supports addr:port syntax as well as nicknames.
- Call shred more efficiently when calling shred
- Other bugfixes too numerous to mention
- Remove some deprecated functionality
- Better windows build
- Fixed a bug that prevented the client from ever deleting messages
from its queue.
- Have clients handle dropped connections to servers correctly, by
retrying only the packets that were not delivered.
- Several documentation fixes.
- Make the -H option work again when -P is not provided, and give a
useful error when it is.
- Make 'list-server -R' work properly.
- Fix a bug that made it impossible to send replies messages with text
from the command line.
- Never try to clean client queues without holding the proper lock.
- Prevent the server from crashing on an unresolvable hostname.
- Several documentation fixes.
- Starting a server for the first time will no longer give a spurious
message about an out-of-date installation.
- We now accept as uniform several more recent versions of zlib.
- 'mixminion server-start --quiet' is now even more quiet than before.
- Inital initial debian packaging files and targes (Peter Palfrader)
NEW IN VERSION 0.0.6rc2:
- Fixed a couple of bugs that would prevent Mixminion from running on
Python 2.0 or Python 2.1.
- Fixed a build problem with stand-alone Windows builds: the 'bsddb'
module was not included, so we were defaulting to the slow and
inefficient 'dumbdbm' module to store hash logs, SURB logs, and fragment
NEW IN VERSION 0.0.6rc1:
- Windows support
- The Mixminion command-line interface now works on MS Windows, at
least for me. It has been tested on Windows 2000, and should work
on any platform running Windows 98 or later. There are probably
some lingering bugs, especially when running a server.
- Improved security
- SURB keys are now rotated periodically.
- The client now _always_ shuffles packets before delivery, and sends
them in a random order.
- Improved robustness
- Servers are now addressed by hostname rather than IP. It is now
feasible to run a Mixminion server with a dynamic IP address.
Support for old-style routing will be deprecated in 0.0.7.
(Servers use a DNS-farm abstraction to avoid blocking on slow
DNS lookups. MMTP connections are still authenticated, so attacks
against DNS can at worst delay packets from arriving.)
- The path generation logic has been largely rewritten to use the
optimal routing method for each server-to-server pair.
- The path generation code now chooses good paths for fragmented
messages and messages with specific requirements on their exit
- Client queues are generally less buggy.
- Consistency enforcement between fragmentation and other modules.
- Better spec compliance.
- Improved performance
- When flushing messages from the client queue, it is no longer
necessary to load them all into RAM at once.
- User interface tweaks
- When running as a client, Mixminion now displays servers by nickname
in addition to IP:port whenever possible. Servers will gain this
behavior in a later version, once they begin downloading
- The behavior of 'mixminion list-servers' has been changed: its
default output is far terser and easier to parse than before, though
output _even more_ verbose than previous can be selected. Also,
whereas the old implementation only listed servers by their
lifetime, capabilities, and status, it is now possible to list
arbitrary 'features' of the servers in the directory.
- Error messages for timeouts are more reasonable; timeouts themselves
should now work a little better than before.
- A longstanding typo in the MMTP server's logging code has been
resolved: running at DEBUG should be far terser and more reasonable
than before.
- Users can now send fragmented messages for reassembly by their
recipients rather than exit servers. (Client side reassembly is
not yet implemented, however.)
- Many error messages have been cleaned up, including a few related to
SSL errors, Windows internals, corrupt databases, unsupported
- Build improvements
- Use the preferred version of Python if one exists.
- Add build target to output test vectors for crypto functionality.
- Support the DESTDIR environment variable
- Check SHA1 digest on downloaded OpenSSL 0.9.7c.
- Other bugfixes too numerous to mention.
- Allow exit servers to decide whether to support user-supplied from
- Fail more gracefully when we try to deliver mail and the the local MTA
is down.
- Fix a harmless but hard-to-detect bug that showed up when running
unittests on certain platforms.
NEW IN VERSION 0.0.5rc2:
- Fix for a bug that would crash exit servers trying to upgrade from
certain older versions.
- Improved error messages for several cases.
- Add a draft man page (credit goes to George Danezis).
NEW IN VERSION 0.0.5rc1:
- Support for email headers. 'Subject', 'In-Reply-To', and 'References'
are fully supported. 'From' support is limited, as documented in
- Limited support for K-of-N message fragmentation and reassembly. Right
now, clients can send large fragmented messages for servers to
reassemble them. Not yet supported are independent paths, fragmented
reply messages, and client-side fragment reassembly.
- UI improvements
- Path generation can now create random-length paths
- Support for removing old messages from client queues.
- 'Mixminion shell' command to wrap other commands on platforms with
iffy terminals or shells. Poor substitute for a real GUI.
- Improved portability
- All client and server functionality works properly on Cygwin.
- Everything should work on win32 too. (But it won't be supported till
I can get Py2Exe working.)
- The build system should work on more unixes.
- Improved configurability
- Support for suppressing directory permission messages.
- Improved performance
- Server RAM usage should be way down, except while reassembling large
- Improved testability
- Server descriptors now describe the server's platform and
- Bugfixes too numerous to mention. Server pools in general should be
significantly more robust.
- Fixed a bug that would sometimes give a useless error message when
trying to build a message with a too-long path.
NEW IN VERSION 0.0.4rc4:
- Improved error message on nonexistent directory.
- Fixed a bug (found by Mike Gurski) that could kill a server if a message
was received for an old key in between deleting the old key's replay cache,
and deleting the old key itself.
- Fixed a bug in setting up server directories.
NEW IN VERSION 0.0.4rc3:
- Memory leaks:
- Made server code release memory more aggressively.
- Fixed a race condition where messages could be queued on a server
connection that was already shutting down.
- Fixed memory leaks on certificate checking.
- Server bugs:
- Fixed a server crash on key-rotation that would occur when to trying
to open the same hash log db file twice.
- Fixed bug that would crash server if PublicKeyLifetime changed.
- Made server differentiate between ENOENT and EACCES when starting.
- Fixed a bug that would cause key generation to happen at the wrong
- Other bugs:
- Fixed a bug related to using client keyrings without passwords.
- Made ASCII armor more reliable in the face of extraneous space,
headerless armor, and so on.
- Excluded superseded servers from directories more thoroughly.
- Cosmetic:
- Commented most uncommented code.
- Refactored path selection again.
- Refactored code to use more reliable file accessing functions.
- Added more unit tests
- Performance enhancements:
- Changed recommended OpenSSL version to 0.9.7b.
- Implementation quality
- Improved a few log messages.
- Made included etc/mixminiond.conf more reasonable by using a less
aggressive retry schedule, commenting out unused Allow lines, and
decreasing PublicKeyLifetime.
- Made os.expanduser work on more configuration values.
- Enabled threading on more C functions.
NEW IN VERSION 0.0.4rc2:
- The server shouldn't crash so much when it gets bad TLS errors or
timed-out connections. Sometimes, it will give better errors when it
NEW IN VERSION 0.0.4rc1:
First steps toward directory automation:
- Servers generate new keys and server descriptors when the old ones
are close to expiring. (~2 weeks)
- Servers also regenerate server descriptors when their configuration
- When a set of keys expires, a server rotates to the next set
automatically (with some overlap).
- Servers can upload their descriptors to a directory server
- There's a trivial directory backend that accepts signed updates
automatically, and queues new servers.
- Directories now include a list of which servers are believed to be
working correctly. Right now, this list is still manually
- There's a cron job that regenerates the directory every so often.
Packet format overhaul:
- Server RSA keys are now 2048 bits long.
- The header representation is more compact now, so we don't pay in
space for the increased key length.
MMTP improvements:
- The certificate regime has changed so that key rotation is now
possible: instead of authenticating servers based on their TLS
keys, we authenticate based on their identity keys, which never
- Packets sent from a server to itself no longer hit the network.
- When relaying messages, a server never opens more than 1 connection
at a time to the same server.
- MMTP clients now recognize a 'REJECTED' reply that a server can use
to refuse messages when under high load.
Other server improvements:
- Servers can (optionally) track the number of packets received,
relayed successfully, dropped, and so on.
- Servers can recognize and advertise whether they are configured
- The deliver/retry logic has been largely rewritten. It should
freak out and die less frequently now. In any case, it also prints
better debugging messages, and thrashes the disk less.
Minor changes:
- We now use real OpenPGP-style ASCII-armor. Accept no substitutes!
Numerous UI Improvements:
- There are saner error messages for many common cases.
- Support for multiple SURB keys to prevent identity-blending attack.
- There's a new (temporary) 'mixminion ping' command that you can use
to tell whether a server is accepting connections. It's potentially
dangerous (if you go pinging all the servers in your path), and has
a banner saying so.
- The path selection syntax has changed to be more flexible. (You can
now specify a single random hop, or N random hops.)
Better build support:
- Fail more gracefully with missing 'which'.
- Fail more gracefully with missing python-dev.
- Portability fixes for Python 2.0.
Client tweaks:
- Default connection timeout to 1 minute.
- Rename stop-server to server-stop.
- Rename reload-server to server-reload.
NEW IN VERSION 0.0.3rc2:
Numerous bugfixes, including:
- More verbose client locking
- More reasonable log messages
- Better messages on missing openssl
- Improved documentation
- Better support for confused permissions on build
- Better errors on failing directory retrieval
- Less verbose description of reply blocks skipped.
- Base64 encoding should no longer get corrupted by outlook
- Fix nasty race on queue cleaning.
- The code compiles (but doesn't run) under cygwin.
New features:
- mixminion stop-server and mixminion reload-server commands.
NEW IN VERSION 0.0.3rc1:
- Single-use reply blocks (SURBs) are fully supported and available.
- You can use client-side pooling: it holds messages until you're
ready to send them. Pooling also prevents you from losing
messages when the first hop in your path is temporarily down.
- You can now decode binary messages or reply messages from the command
- We now time out faster when servers are down.
- Many error messages are far friendlier.
- It's now safe to run multiple instances of the client at once.
- Numerous UI improvements and typo fixes; error reporting is better in
many ways.
- It's easier to build with different OpenSSL installations.
- Servers now have a lightly multithreaded design to prevent extreme
stalling under heavy loads. Now the network should remain fairly
responsive under far more traffic than before.
- When a message delivery fails, the retry schedule is more reasonable.
By default, a server will retry an undeliverable message every
30 minutes for a day, then every 7 hours for 5 days.
- All modules that use SMTP now set a "X-Anonymous: yes" header.
- We now implement MMTP correctly; before, we didn't accept junk
packets; handle protocol negotiation right; or do support key
- DROP packets have random payloads.
- A nasty bug in our implementation of counter mode is fixed. On
the bright side, big-endian and little-endian hosts should now,
finally, be compatible. On the minus side, we lose backward
- Server descriptors and directories now follow a more forward-
compatible format: we can add sections and entries in the future
with less risk of breaking existing clients.
- Fixed a bug that crashed your server when another server's KeyID was
- Add minimal handlers for TERM and HUP signals.
- Add a disclaimer to main usage message.
- BUGFIX: A nasty bug is fixed that could, under just the right
circumstances, send the server into an infinite loop and fill up your
hard drive. If you're running a server, you *should* upgrade.
- Server log messages are more reasonably structured.
- is more clever about half-installed Python.
- "list-servers" now supports the same directory-download options as
does "send".
- A real SMTP exit module to relay messages via a local MTA. Blacklisting
is supported by address, by username, by host, by entire domain, and
by regular expression.
- Integrated directory support for clients.
- Automatic path selection, along with a better user interface to specify
- You can now enable Cottrell (DynamicPool) and Binomial Dynamic Pool
batching, though they are disabled by default to make the system more
- Servers resist certain trivial DoS attacks more strongly. In
particular, you should no longer be able to send zlib bombs or flood a
server with open connections.
- Clean build process under FreeBSD.
- Ability to run server as a daemon.
- Slightly better documentation and error messages.
- Better resistance to newline corruption of server descriptors.
- Other bugfixes and performance improvements too numerous to mention.
- You can run a rudimentary server that can deliver to other Mixminion
servers, that can use Mixmaster to deliver to any external address,
or that sends SMTP directly to a preconfigured set of addresses.
- You can send anonymous email via these servers.
(for emacs)
Local Variables:
Jump to Line
Something went wrong with that request. Please try again.